SHA1 cracked .... What are the chances this will be addressed in LC?

Peter TB Brett peter.brett at livecode.com
Mon Mar 6 05:53:50 EST 2017



On 03/03/2017 18:00, Bob Sneidar via use-livecode wrote:
> It looks like the encrypt command is already using this method if
> the "with salt" arguement is provided? At least the encrypted result
> starts with "salted" and at least part of the salt value.
>

Hi Bob,

The "encrypt" command provides symmetric cryptographic functions, i.e.
you can decrypt the result again to get the cleartext back.  This is 
_not_ a desirable property for a password storage system; you should 
always use one-way (asymmetric) functions, such as a cryptographic hash.

                                       Peter

-- 
Dr Peter Brett <peter.brett at livecode.com>

lcb-mode for Emacs: https://github.com/peter-b/lcb-mode




More information about the use-livecode mailing list